Kaiju Kingz Discord Hacked
Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' and 'General Prevention' sections to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.
Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!
The Kaiju Kings are a collection of thousands of pixel beast NFTs, which are rare collectibles that provide access to a specialized metaverse or the ability to mint other NFTs and tokens. On October 30th, 2021, their Discord was hacked through one of the team members who was anonymous named Kekwin. It is unclear whether it was a breach of malicious act from Kekwin, who was the only team member who remained anonymous. Over $70k worth of Ethereum was taken and the team has offered to refund members.
This is a global/international case not involving a specific country.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25][26]
About Kaiju Kingz
"Kaiju Kingz is a collection of 3,333 Genesis pixel beasts created by Augminted Labs sent to protect the Metaverse that live on the Ethereum blockchain." "Behold the KaijuKingz; larger than life pixel beasts tearing down a city near you. Our creed is to expand the Metaverse by supporting talented creatives and developers looking to break into NFTs. $RWASTE radiates in the core of our community, passively generated by Genesis Kaijuz as fuel for out Kaijuz. Demolish the old to make way for a new kind of community - a community of Kingz."
"Mint Date October 12, 2021" "KaijuKingz was spawned from the mind of CyberKongz holder and community member, OhDots, under his newly founded company: Augminted Labs. KaijuKingz hopes to expand its community with synergistic mechanics that foster competition and collaboration between Web3 communities. The collection will start with a mint of 3,333 Genesis Kaijuz, each granting its holder access to special perks and accesses. Genesis Kaijuz passively generate Radioactive Waste, which can be used to create Baby Kaijuz. Standing larger than life in a 69x69 pixel square, Kaijuz will have a wide variety of traits, types, and different aesthetics. Holding a Genesis Kaiju will reserve you a throne as a King of the Metaverse."
"KaijuKingz minted in October 2021 and has significant progress as a collection since. They have also gone through some bumps, such as a discord hack. Upon further analysis, we can see that the collection has a 28,000 total of ethereum traded on OpenSea. They have also collaborated with various established projects, such as PXN, Memeland by 9GAG, RaidParty, Possessed, and much more. They frequently give away whitelist spots for other projects in their discord. Kaiju has also had notable influencers invested into the project, such as Takoa, Banks, Champ T, Coco Bear, Zeneca, 9gagceo."
"At first glance, this seems like an anon team behind Kaiju profile pictures. But if we dig slightly deeper, we see that Kaiju is run by Augminted Labs. Augminted Labs’ team is the same guys we see here. If we visit Augminted’s website, we can see that the lead developer, artist, community manager, and developer are all doxxed. This only leaves Kekwin (another developer) to be undoxxed. Bullish sign for us, as majority of the team is accessible and we know who they are."
"Hey @Kingz, due to the success of KaijuKingz and how fast our official launch sold out, we have one more thing to give Kingz. SO WE ARE LETTING EVERYONE MINT 1000 KAIJUS FOR ONLY 0.15 ETH. BUY NOW! THEY WILL SELL OUT VERY QUICKLY! THANK YOU."
"As we’ve seen lately, the attackers posted a link to a fake minting page. Approx 32 ETH stolen from users before mods locked down the server." "@KaijuKingz Discord got hacked by the same group allegedly led by Hazema E. Do not mint the fake .ORG site. Do not mint AT ALL 70K USD already stolen. Guess Roblox being down left the scammers bored." "One green flag is that Kaiju has overcome their bumps, such as the discord hack."
"A team member's Discord has been compromised. We don't have any private or extended sales going on right now. Do not click any links DM'd to you by Kekwin or his bot in announcements. Our twitter account is fine and Discord has been cleaned. More info to come soon. Stay safe."
"Kekwin was swiftly banned from our server and the webhook was removed. Our old Discord URL of KaijuKingz was taken from us. Do not use KaijuKingz discord invite. Out new discord URL is 'kaiju-kingz' and has been updated on our OpenSea and Website and other socials. Our Twitter is completely safe as Kekwin had no access to it. We've removed Kekwin's access to our site and have pushed a new update to it that will replace our Discord link."
"Hello @everyone - please read this and be on alert for this new scam, in this Discord and in every other one you're involved in. Some major Discord servesrs have been hit with this scam (I believe TopShot just got targeted) - you can never be too careful. Remember - be hyper vigilant."
"It appears as though scammers are exploiting lax controls around Discord integrations to gain access to the bot / Discord server."
"Be wary of announcements that are posted by bots! Verify that the community founders or admins are posting, especially when it comes to minting. Be especially careful of announcements to the effect of 'Stealth mint!' especially when the project did not previously plan to launch a stealth mint. Independently verify any links that are posted. Navigate to the website in your own browser where possible. Be suspicious. If something doesn't seem right, or if an announcement seems to be a sudden change in direction, be suspicious. If the project is still building up its community and a whitelist is open, they're probably not suddenly switching to a stealth launch."
"Out Discord is now secure[.] We will be monitoring over the next couple of days to see if more actions are needed. For now we will have fewer channels and slowly re-add when we are certain that we are no longer being targeted."
"Our Discord is confirmed to be secured, we've issued refunds to any accounts deemed legitimately affected by the false link. Thankfully there were so few transactions that we were able to manually screen through them. Appreciate the support and love you guys."
This is a global/international case not involving a specific country.
The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
Include:
- Known history of when and how the service was started.
- What problems does the company or service claim to solve?
- What marketing materials were used by the firm or business?
- Audits performed, and excerpts that may have been included.
- Business registration documents shown (fake or legitimate).
- How were people recruited to participate?
- Public warnings and announcements prior to the event.
Don't Include:
- Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
- Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.
The Reality
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
- When the service was actually started (if different than the "official story").
- Who actually ran a service and their own personal history.
- How the service was structured behind the scenes. (For example, there was no "trading bot".)
- Details of what audits reported and how vulnerabilities were missed during auditing.
What Happened
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
| Date | Event | Description |
|---|---|---|
| October 30th, 2021 6:08:00 PM MDT | Main Event | Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here. |
Technical Details
This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?
Total Amount Lost
The total amount lost has been estimated at $70,000 USD.
How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
Immediate Reactions
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?
Ultimate Outcome
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
What funds were recovered? What funds were reimbursed for those affected users?
Ongoing Developments
What parts of this case are still remaining to be concluded?
General Prevention Policies
It is recommended to be extremely cautious of any links posted on Discord, given the repeated hacks of the platform. Users need to be cautious with any posted links. Always check any communication against multiple official sources of a project.
Platforms should be extremely cautious regarding the permissions which are granted via Discord, and limit the access levels to critical functionality. Discord should improve their security and offer multi-signature permissions for key functions. Ideally, public groups should be managed from an exclusive account which isn't used for anything else.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- ↑ KaijuKingz (Jul 14, 2022)
- ↑ Kaiju Kingz - NFT Overview (Jul 14, 2022)
- ↑ https://opensea.io/collection/kaiju-kingz (Jul 14, 2022)
- ↑ @nftherder Twitter (Jul 16, 2022)
- ↑ https://medium.com/@zaydy/kaiju-kingz-analysis-f1f57b68816e (Jul 16, 2022)
- ↑ @Zeneca_33 Twitter (Jul 17, 2022)
- ↑ @KaijuKingz Twitter (Jul 17, 2022)
- ↑ @KaijuKingz Twitter (Jul 17, 2022)
- ↑ @NFTherder Twitter (Jul 17, 2022)
- ↑ @johnj1138 Twitter (Jul 17, 2022)
- ↑ @ChainDash Twitter (Jul 17, 2022)
- ↑ @nfthater Twitter (Jul 17, 2022)
- ↑ @BonafideNFT Twitter (Jul 17, 2022)
- ↑ @brrrocto Twitter (Jul 17, 2022)
- ↑ @Niftycrypt Twitter (Jul 17, 2022)
- ↑ @SharpMatter_ Twitter (Jul 17, 2022)
- ↑ @SharpMatter_ Twitter (Jul 17, 2022)
- ↑ @Abstrusus1 Twitter (Jul 17, 2022)
- ↑ @NFT_Safety Twitter (Jul 17, 2022)
- ↑ @NFTweb_3 Twitter (Jul 17, 2022)
- ↑ @nftgio Twitter (Jul 17, 2022)
- ↑ @Niftycrypt Twitter (Jul 17, 2022)
- ↑ @laksnft Twitter (Jul 17, 2022)
- ↑ @ZsMann Twitter (Jul 17, 2022)
- ↑ @Yarieos Twitter (Jul 17, 2022)
- ↑ @KaijuKingz Twitter (Jul 17, 2022)